An Inventory was taken in the Staminus Data Breach

A security firm focused on DDoS mitigations and found that almost 50GBs of compromised data was published to the Web over the weekend after an attacker completely compromised Staminus.

The Staminus breach influences websites from a wide spectrum to hate websites maintained by the Ku-Klux-Klan (KKK), like domains in the Minecraft community. The persons, who executed the Staminus attack, posted a long message on Friday with details regarding damages to the company and mocking their security measures and practices. Investigation reveals that hackers have managed to collect lot of information, and it has confirmed the hacker's initial claim of storing credit card details in clear text.

Analysts are claiming that the leaked data contained personal credentials of 4,415 customers of the company. These included contact details, complete addresses, emails, company details and encrypted passwords. Staminus database also contained complete credit card details of 2,042 of these customers. Moreover, researchers of RBS also exposed 141,403 entries of account billing details from different kind of purchases, which clients of Staminus made since the company started its activity.

Researchers, who were doing online trading of hashes, discovered that several KKK hashes were easily obtained with the help of selective versions of known racial slurs. The compromised data taken from Staminus, deriving at 47.7 GB over many archives through a Torrent download, was disclosed to public on Saturday. Csoonline.com posted on 14th March, 2016, stating that Thomas White, a researcher and activist known as Cthulhu, has provided access to the compromised records.

Researchers also exposed data related to servers configuration of Staminus, along with credentials of its employees like email addresses, encrypted passwords and OAuth credentials in the form of tokens and produced user keys.

RBS also came across certificates used by Staminus for some of its services along with site configurations for different external or internal services. The whole inventory is below; along with a list of KKK sites (Staminus clients) which hackers paid utmost care to include in the leaked data also. The hacker claimed that all this was possible because Staminus used the same root password for majority of its servers.

» SPAMfighter News - 3/23/2016